176 • Supply Chain Risk Management: An Emerging Discipline
business processes across an enterprise. Without risk taxonomies or a way
to structure and classify risk events, it is dicult to understand dierent
types of risks across the enterprise. And without taxonomies there is no
common set of standards or way to manage relationships between dif-
ferent data types. If each area of the business uses its own terms to clas-
sify risk, then the aggregated information will be subjective, incomplete,
redundant, or at best, awed. Each silo in an organization and level within
each silo will speak a dierent dialect.
e basic approach when creating a risk taxonomy is to develop a com-
mon framework for all risks, their readiness standards, and a balanced
scorecard of objectives. To handle the complexity of a large- scale sup-
ply chain, this approach obviously requires a tool to eectively manage
built- in libraries for use across the enterprise and highlight how one risk
event in one functional area aects other functions. ese tools enable
the organization to create structured, centralized repositories of all risk
elements within the organization. Some of these elements are risks, goals,
requirements, relationships (vendors, customers, third parties), soware
applications, physical assets (buildings, servers, data centers, plants, equip-
ments, and tools), data repositories, people, policies, and user- dened
applications (models and spreadsheets). For each of these elements, tax-
onomy tools and techniques allow for exibility and customization to
manage cross- functional cause- and- eect relationships. Some basic capa-
bilities of these taxonomy tools include the following:
• Creating and Maintaining a Central Repository of Information—
is could include the use of predened elds or completely custom-
ized data elements needed by the organization.
• Full Document Management—is should provide the ability to
upload documents, link them to shared applications, with a version
control aspect and permission rights so that all information related
to these areas can be centrally stored.
• Enterprise- wide Task Management—From a more tactical per-
spective, this could provide for creating automatic reminder e- mail
triggers for due dates, contract renewal dates, monitoring dates,
approvals, and change notications.
• Risk Assessment Scoring—In this area, tools can provide best- practice
assessment factors or allow organizations to develop their own risk
factors. With this capability, organizations can rate these elements to